aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorAdam Langley <agl@imperialviolet.org>2008-07-31 23:49:48 -0400
committerDavid S. Miller <davem@davemloft.net>2008-07-31 23:49:48 -0400
commit90b7e1120bb43ffaabb88d28f80a0c2e13167b15 (patch)
tree5264787eb3c303186cff15bfd6b7ebef2a3ecb7b /net
parent77e2f14f71d68d05945f1d30ca55b5194d6ab1ce (diff)
tcp: MD5: Fix MD5 signatures on certain ACK packets
I noticed, looking at tcpdumps, that timewait ACKs were getting sent with an incorrect MD5 signature when signatures were enabled. I broke this in 49a72dfb8814c2d65bd9f8c9c6daf6395a1ec58d ("tcp: Fix MD5 signatures for non-linear skbs"). I didn't take into account that the skb passed to tcp_*_send_ack was the inbound packet, thus the source and dest addresses need to be swapped when calculating the MD5 pseudoheader. Signed-off-by: Adam Langley <agl@imperialviolet.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/ipv4/tcp_ipv4.c4
-rw-r--r--net/ipv6/tcp_ipv6.c4
2 files changed, 4 insertions, 4 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index b3875c0d83c7..91a8cfddf1c4 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -655,8 +655,8 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, u32 ack,
655 rep.th.doff = arg.iov[0].iov_len/4; 655 rep.th.doff = arg.iov[0].iov_len/4;
656 656
657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset], 657 tcp_v4_md5_hash_hdr((__u8 *) &rep.opt[offset],
658 key, ip_hdr(skb)->daddr, 658 key, ip_hdr(skb)->saddr,
659 ip_hdr(skb)->saddr, &rep.th); 659 ip_hdr(skb)->daddr, &rep.th);
660 } 660 }
661#endif 661#endif
662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr, 662 arg.csum = csum_tcpudp_nofold(ip_hdr(skb)->daddr,
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 1db45216b232..1bcdcbc71d68 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1094,8 +1094,8 @@ static void tcp_v6_send_ack(struct sk_buff *skb, u32 seq, u32 ack, u32 win, u32
1094 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) | 1094 *topt++ = htonl((TCPOPT_NOP << 24) | (TCPOPT_NOP << 16) |
1095 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG); 1095 (TCPOPT_MD5SIG << 8) | TCPOLEN_MD5SIG);
1096 tcp_v6_md5_hash_hdr((__u8 *)topt, key, 1096 tcp_v6_md5_hash_hdr((__u8 *)topt, key,
1097 &ipv6_hdr(skb)->daddr, 1097 &ipv6_hdr(skb)->saddr,
1098 &ipv6_hdr(skb)->saddr, t1); 1098 &ipv6_hdr(skb)->daddr, t1);
1099 } 1099 }
1100#endif 1100#endif
1101 1101